Re: [openssl-users] output from: dh, dhparam, pkeyparam
On 08/10/2016 11:00 AM, Jakob Bohm wrote:
> On 08/08/2016 16:51, Benjamin Kaduk wrote:
>> What Rich said, and also note that it's perfectly valid usage of the
>> PEM routines to read one type from a BIO and then go on to read
>> another (potentially different) type from the same BIO, as would
>> happen if they were in the same file concatenated after each other.
>> So, attempting to peek and see if there was other stuff after the
>> read PEM object would be a strange special case.
>>
> Maybe there should be a general
> check-no-more-data-in-file(BIO*,bool*bIsPEM)
> routine called from the functions that take a file name as
> argument, open it as a BIO, loads some PEM data and closes
> the BIO, thus giving the caller no opportunity to use (or
> check for) any extra PEM blocks (or DER blocks for DER
> input).

That level of foot-shooting-protection seems overkill to me, though my opinion doesn't really matter since I'm not on the dev team.

-Ben

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] output from: dh, dhparam, pkeyparam
On 08/08/2016 16:51, Benjamin Kaduk wrote:
> What Rich said, and also note that it's perfectly valid usage of the
> PEM routines to read one type from a BIO and then go on to read
> another (potentially different) type from the same BIO, as would
> happen if they were in the same file concatenated after each other.
> So, attempting to peek and see if there was other stuff after the
> read PEM object would be a strange special case.

Maybe there should be a general check-no-more-data-in-file(BIO*,bool*bIsPEM) routine called from the functions that take a file name as argument, open it as a BIO, loads some PEM data and closes the BIO, thus giving the caller no opportunity to use (or check for) any extra PEM blocks (or DER blocks for DER input).

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

Re: [openssl-users] output from: dh, dhparam, pkeyparam
What Rich said, and also note that it's perfectly valid usage of the PEM routines to read one type from a BIO and then go on to read another (potentially different) type from the same BIO, as would happen if they were in the same file concatenated after each other. So, attempting to peek and see if there was other stuff after the read PEM object would be a strange special case.

-Ben

Re: [openssl-users] output from: dh, dhparam, pkeyparam
OpenSSL behavior is pretty consistent, when reading a PEM file, everything before the first PEM marker (of the right type!) is ignored.
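
The check debated in this thread, sketched as an added example that is not part of any message above and is not OpenSSL code: it models the behavior described here (the first block of the wanted type is used, everything before it is ignored, nothing after it is inspected) and reports what such a load would pass over. `audit_pem`, `is_clean` and the sample file contents are hypothetical names and constructed data.

```python
import re

# One PEM block: -----BEGIN <label>----- ... -----END <label>-----
_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----", re.DOTALL)

# Constructed sample; payloads are placeholder base64, not real objects.
SAMPLE = """comment line left by an editor
-----BEGIN X509 CRL-----
Q09OU1RSVUNURUQ=
-----END X509 CRL-----
-----BEGIN DH PARAMETERS-----
Q09OU1RSVUNURUQ=
-----END DH PARAMETERS-----
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
"""

def audit_pem(text, wanted):
    """Hypothetical helper: list what surrounds the first block labelled `wanted`."""
    blocks = [(m.group(1), m.start(), m.end()) for m in _BLOCK.finditer(text)]
    idx = next((i for i, b in enumerate(blocks) if b[0] == wanted), None)
    found = idx is not None
    if not found:                      # nothing to load: every block counts as skipped
        idx, start, end = len(blocks), len(text), len(text)
    else:
        _, start, end = blocks[idx]
    before, after = blocks[:idx], blocks[idx + 1:]

    def stray(lo, hi, inner):
        # Non-whitespace text in text[lo:hi] that lies outside every PEM block.
        pos, parts = lo, []
        for _, s, e in inner:
            parts.append(text[pos:s])
            pos = e
        parts.append(text[pos:hi])
        return "".join(parts).strip()

    return {"found": found,
            "skipped_blocks": [b[0] for b in before],
            "leading_text": stray(0, start, before),
            "trailing_blocks": [b[0] for b in after],
            "trailing_text": stray(end, len(text), after)}

def is_clean(report):
    """True only when the wanted block is the sole content of the file."""
    return report["found"] and not any(
        report[k] for k in ("skipped_blocks", "leading_text", "trailing_blocks", "trailing_text"))
```

A deployment script can run this over a parameter or key file before handing the file name to a loader and refuse files where `is_clean` is false.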